[A document I wrote myself, so bear with it] SSL and TLS Applications (English version) Original Works, Software Technology
Posted by DeathCat on 2005/5/31 13:52:02
SSL and TLS application
[SSL and TLS introduction]
The SSL (Secure Sockets Layer) protocol was first developed by Netscape Enterprise. It has since become a global standard used on the network to verify the identity of web sites and of the users browsing them, and to encrypt communication between the browser user and the web server. Because SSL technology is built into all major browsers and web server programs, its server functions can be activated simply by installing a digital certificate or server certificate.
The IETF (www.ietf.org) standardized SSL as RFC 2246, under the name TLS (Transport Layer Security). Technically, the differences between TLS 1.0 and SSL 3.0 are very small. Since this article does not deal with those differences, the two terms are treated as equivalent here.
SSL is an optional layer between HTTP and TCP. The general position is as follows:
---------------------------------------
HTTP
---------------------------------------
SSL
---------------------------------------
TCP
---------------------------------------
IP
---------------------------------------
The SSL layer establishes an encrypted channel on top of the TCP layer. Data passing through it is encrypted, which is what provides the security. The SSL layer negotiates an encryption key over the channel provided by the lower-layer protocols and encrypts the HTTP request with this key, while the TCP layer establishes the connection to port 443 of the web server and carries the data that SSL has processed.
Although SSL is well suited to HTTP, it can also be used with FTP and other protocols. It runs at the transport layer and is independent of the application, so protocols such as FTP or HTTP can be layered on top of it. An initial handshake authenticates the server. In this process the server presents its certificate to the client and specifies the preferred cipher to be used. The client then generates a secret key to be used for the session that follows, encrypts it with the server's public key, and sends it to the server. The server uses its private key to decrypt the message and recover the secret key, then sends the client a message that uses this secret in order to authenticate itself to the client. The secret key, now agreed by both sides, is used to encrypt the data exchanged from then on. An optional second stage can increase security further: the server sends a challenge, and the client responds by returning a digital signature of the challenge together with the client's public-key certificate. The challenge stage is usually carried out using RSA with an MD5 message digest. Several symmetric ciphers can also be used, including DES, triple DES, IDEA, RC2 and RC4. Public-key certificates conform to the X.509 standard. By default, SSL authenticates only the server; client authentication is optional.
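The server-authentication exchange described above, modelled end to end as an added example that is not part of the original article. It is a simplified model rather than the SSL wire protocol: textbook RSA without padding over a constructed toy key, HMAC-SHA256 standing in for the server's proof message, the certificate assumed already validated, and all function names hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # server's private exponent
KEY_BYTES = (N.bit_length() + 7) // 8  # 19 bytes for this modulus


def client_encrypt_secret(secret):
    """Client: encrypt the session secret with the server's public key (N, E)."""
    return pow(int.from_bytes(secret, "big"), E, N)


def server_recover_secret(ciphertext, private_exponent):
    """Server: decrypt with its private key to restore the session secret."""
    return pow(ciphertext, private_exponent, N).to_bytes(KEY_BYTES, "big")


def proof(secret, transcript):
    """MAC over the handshake messages, keyed with the session secret."""
    return hmac.new(secret, transcript, hashlib.sha256).digest()


def handshake(server_private_exponent, secret=None):
    """Run one exchange; True means the client accepts the server as genuine."""
    # Client picks a fresh 16-byte secret (left-padded to the modulus size).
    secret = (secret or secrets.token_bytes(16)).rjust(KEY_BYTES, b"\0")
    transcript = b"hello|certificate|preferred-cipher"  # constructed placeholder
    ciphertext = client_encrypt_secret(secret)
    transcript += ciphertext.to_bytes(KEY_BYTES, "big")
    # Server recovers the secret and proves it by sending a keyed message.
    recovered = server_recover_secret(ciphertext, server_private_exponent)
    server_proof = proof(recovered, transcript)
    # Client recomputes the proof; only the private-key holder can match it.
    return hmac.compare_digest(server_proof, proof(secret, transcript))


if __name__ == "__main__":
    print("genuine server accepted:", handshake(D))
    print("server without the key accepted:", handshake(D + 2))
```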
[Security weaknesses of SSL]
Although a website may use SSL, this certainly does not mean that the data entered into the site, now or later, is safe. Everyone should realize that SSL provides only a small part of the solution for the security of an e-business. Using SSL on a website may give its administrator certain illusions about the site's security. A website that uses SSL is attacked in just the same ways as any other server, and every aspect of its security needs the same attention. In short, encryption and digital certificates, the main components of SSL, can never protect the server; they can only protect the data that the server receives and sends.
Three common SSL security problems are the following:
1. Attacking certificates
Public CA organizations such as Verisign are not always reliable. A mistake system administrators commonly make is to place too much trust in public CA organizations such as Verisign. For example, if Verisign issues a certificate saying that I am "someone", the system administrator will very likely believe that I am "someone". But a public CA organization may not pay as much attention to the accuracy of a website's digital certificate as to that of a user's certificate. For example, Verisign has issued a certificate to the organization "keyman", and I am "JACK", one of the members of that organization. When a website asks to authenticate the user's identity, we submit the "JACK" certificate. You may be surprised by the result that comes back. More seriously, Microsoft Corporation's IIS server provides a Client Certificate Mapping function, which maps the name on the certificate submitted by the client to a user account on the NT system. In that situation we can obtain system administrator privileges on the host!
If the hacker cannot use an illegitimate certificate as above to break into the server, they may attempt a brute-force attack. Although brute-forcing certificates is more difficult than brute-forcing passwords, it is still one of the attack methods. To brute-force client authentication, the hacker compiles a list of possible user names and then applies to the CA organization for a certificate for each name. Each certificate is then tried in an attempt to gain access. The better the user names are chosen, the more likely a certificate is to be approved. The convenience of brute-forcing certificates is that only a valid user name has to be guessed, rather than both a user name and a password.
2. Stealing certificates
Besides the methods above, the hacker may also steal a valid certificate and its corresponding private key. Using a Trojan horse is the simplest method. This kind of attack can make client certificates almost as good as non-existent. It targets a fundamental weakness of certificates: the private key, the core of the entire security system, is usually kept in an insecure place. Storing the certificate on a device such as a smart card or token is perhaps the only effective way to cope with these attacks.
3. Security blind spots
System administrators cannot use existing vulnerability scanners or intrusion detection systems (IDS) to examine or monitor SSL transactions on the network. An intrusion detection system looks for unauthorized activity by monitoring network traffic. Any network activity that matches a known attack pattern or violates the authorized policy is flagged for the system administrator to inspect.
But for an IDS to do its job it must be able to inspect all of the network's traffic, and SSL encryption makes the information carried over HTTP unreadable to the IDS. Furthermore, although we can use the latest security scanning software to examine an ordinary web server for known security holes, this kind of scanning software cannot inspect a server protected by SSL. A web server protected by SSL has exactly the same security holes as an ordinary server, but, perhaps because of the time and difficulty involved in establishing an SSL connection, vulnerability scanners are not able to examine it. With no network monitoring and no vulnerability checks, the most important server becomes the least protected server.
To address these problems we have the following three solutions:
1. Using an SSL proxy server
We can apply these inspection techniques through an SSL proxy. An SSL proxy is a piece of software that accepts plain-text HTTP requests on port 80 and forwards them to the destination website over an SSL-encrypted connection. We open a listening socket on port 80 and pass the data entering the proxy through the OpenSSL command. On Unix this takes only a small trick: add the following line to your /etc/inetd.conf file, which holds the options for all network services provided by inetd:
www stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/ssl_proxy.sh
The content of /usr/local/bin/ssl_proxy.sh is as follows:
#!/bin/sh
/usr/local/ssl/bin/openssl s_client -no_tls1 -quiet -connect 168.172.100.10:443 2>/dev/null
168.172.100.10 is the address of the website protected by SSL. The "-no_tls1" and "-quiet" options switch off the display of the SSL handshake header, and also suppress the warning that SSL issues about a website certificate that has not yet been validated.
To test the proxy connection, simply open a plain-text connection to port 80 of the system running the SSL proxy. The proxy forwards the requests it receives to the destination website over SSL.
$ telnet 182.197.110.1 80
GET / HTTP/1.0
Here the server running the SSL proxy has the address 182.197.110.1, while the address actually being protected is 168.172.100.10. With this SSL proxy in place, we only need to point the security scanning software at the proxy's IP address in order to examine an SSL server.
2. OpenSSL
OpenSSL consists of a set of programs and function libraries that provide SSL functionality to users and allow software engineers to integrate SSL into their own programs. Of the many things it provides, those most relevant to the discussion here are the command-line SSL client and server tools. The openssl program is a command-line program used to initiate SSL connections by hand. It also lets you redirect the input and output of the connection to and from other programs.
3. Monitoring the SSL server
Current network IDSs can only monitor plain-text traffic, so we have only two choices: monitor the SSL connections on the server itself, or convert all connection data to plain text. Most web servers have some basic logging capability. For instance, the Microsoft IIS web server has its own logging function, using the W3svc1 format, which can pick up many common network attack patterns. I will run a demonstration attack through the SSL proxy described earlier against an SSL-protected IIS server on Windows NT 4.0. We use the common msadc penetration technique discovered by Rain Forest Puppy. Our IIS server records the following log entries under the C:\WINNT\system32\LogFiles directory:
12:25:45 10.0.0.1 GET /msadc/msadcs.dll 200
12:25:48 10.0.0.1 POST /msadc/msadcs.dll 200
However, because these log files usually reside on the web server, a successful attack means that the hacker may have done something to the log files. In addition, the security administrator must check the log files on the server every day (along with others such as those of the IDS, the firewall and so on). This is really not the best solution.
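A sketch of the host-log check discussed above, as an added example that is not part of the original article: it parses lines in the abbreviated layout of the two entries shown and flags clients that requested /msadc/msadcs.dll. The sample lines are constructed, the function names are hypothetical, and requests relayed by the SSL proxy will be logged under the proxy's address.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in the abbreviated layout shown above:
# time, client IP, method, URI, HTTP status.
SAMPLE_LOG = """\
12:25:40 10.0.0.7 GET /default.htm 200
12:25:45 10.0.0.1 GET /msadc/msadcs.dll 200
12:25:48 10.0.0.1 POST /msadc/msadcs.dll 200
12:26:02 10.0.0.9 GET /MSADC/msadcs%2Edll 404
truncated or malformed line
"""

LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Z]+)\s+(\S+)\s+(\d{3})$"
)
WATCHED_PATH = "/msadc/msadcs.dll"


def parse_line(line):
    """Return (time, ip, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    time, ip, method, uri, status = m.groups()
    # IIS paths are case-insensitive; decode %xx and drop any query string.
    path = unquote(uri.split("?", 1)[0]).lower()
    return time, ip, method, path, int(status)


def find_msadc_requests(log_text):
    """Group requests for the watched path by client IP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == WATCHED_PATH:
            hits[rec[1]].append(rec)
    return dict(hits)


def triage(hits):
    """'high' if the server answered a POST to the DLL with 2xx, else 'probe'."""
    return {
        ip: "high" if any(m == "POST" and 200 <= s < 300 for _, _, m, _, s in recs)
        else "probe"
        for ip, recs in hits.items()
    }


if __name__ == "__main__":
    for ip, level in sorted(triage(find_msadc_requests(SAMPLE_LOG)).items()):
        print(ip, level)
```

Run it against a copy of the log kept off the web server, since the file on the host may have been altered after a successful attack.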
Besides using the host's log files, another method is to convert the SSL connection to plain text so that the network IDS can monitor the traffic. Some products provide this function, but they are mainly intended to improve data-processing efficiency, not network security. Establishing and maintaining SSL connections consumes considerable CPU time, which reduces the efficiency of the web server. Several vendors on the market offer "e-business accelerators" that move the SSL work to a separate device or processor. You can place an IDS between that processor and the web server to monitor the network traffic in plain text. There is one problem with monitoring in this way: you must have at least one network segment, and that segment must be secure and separated from other network equipment.